30th Floor, North Tower, Beijing Kerry Centre, 1 Guanghua Road, Chaoyang District, Beijing, 100020
+86 10 8519 0011
50th Floor, Central Plaza, 18 Harbour Road, Wan Chai, Hong Kong
+852 2521 5621
Room 4605, Park Place, 1601 Nanjing West Road, Jing An District, Shanghai, 200040
+8621 6321 1166
Suite 2405, 24/F, SCIA Tower, Qianhai Shenzhen-Hong Kong Modern Service Industry Cooperation Zone of Shenzhen, Shenzhen, 518000
+86 755 6123 5666
Select your language
Please accept the geolocation request appearing in your browser
Find other officesThe Commission nationale de l'informatique et des libertés (CNIL) published guidelines on cookies and other connection trackers last year which, among other things, placed an absolute ban on online companies preventing customers from accessing their services unless they gave their consent to the use of 'cookies'. Those guidelines were issued to help businesses meet their obligations on the use of cookies under the General Data Protection Regulation (GDPR).
In a decision last month, the French Council of State, the highest administrative authority in France, said that the CNIL had exceeded its powers with such a ban, and repealed that part of the CNIL guidelines.
Paris-based data protection law expert Pauline Binelli of Pinsent Masons, the law firm behind Out-Law, said: "The CNIL's guidelines stated: 'The Commission considers that consent can be valid only if the person concerned is able to exercise his or her choice validly and does not suffer major inconvenience in the event of the absence or withdrawal of consent'. In practice, if a user did not want to consent to the monitoring of his or her browsing by means of depositing cookies and connection trackers, the editor of the website could not, under any circumstances block access to the website."
In a statement, CNIL said: "The Council of State considered that by deducting this general prohibition from the GDPR, the CNIL had gone beyond what is legally possible with guidelines, which are an instrument of 'soft law'.
The Commission will have to take note of the Council of State's decision and will have to comply strictly with it. The guidelines will be adjusted to the strict extent necessary to draw the consequences of the decision of the Council of State.
Cookies are small text files that record internet users' online activity. The use of 'cookie walls' has proven controversial and attracted substantial scrutiny, with a number of data protection authorities across Europe issuing different guidelines on the topic, including in the UK and more recently in Ireland.
Binelli said that while the Council of State had endorsed most of the CNIL's cookies guidance, there was another aspect of the guide that it had taken issue with.
"The guidelines were also criticised because they created an obligation for online service providers to ensure that each internet user was able to 'provide independent and specific consent for each distinct purpose' behind their use of cookies," Binelli said. "This principle is also mentioned in the French Data Protection Act. However, this requirement represents a burdensome obligation, both in terms of presentation and usability, for a data controller that wishes to deposit cookies or other trackers."
"On this point, the Council of State specifies that this requirement implies that, when the consent is given globally, it must be preceded by information specific to each of the purposes. The contested passage in the guidelines merely reiterates this requirement, without imposing on operators any particular technical modalities – whether global consent or purpose by purpose – for the collection of consent. The CNIL has said it will address this point in a new recommendation to be issued after September this year, with the Council of State requiring that this recommendation is only published following public consultation," she said.
Contact an adviser
Stay ahead by signing up to our weekly email of news and expert analysis, tailored for you
Data, privacy & cyber
Valid email address
Thanks, we have sent an email to
Please check your inbox to confirm your subscription. The confirmation email may take up to 15 minutes to arrive.
• Check your spam or junk folder
• Ensure your email address was entered correctly.
• You can amend your details and resubmit if required
• If the email has still not arrived, please contact us for assistance
OUT-LAW NEWS
Judges at the EU’s highest court have an opportunity to clarify EU trade mark law in a forthcoming ruling in which they will examine how to assess what impression consumers are left by trade marks, a brand protection expert has said.
OUT-LAW NEWS
The ability to end contracts without causing disruption to customer services is the main “contractual friction point” for financial institutions when negotiating contracts with cloud service providers, according to a study led by Pinsent Masons.The ability to end contracts without causing disruption to customer services is the main “contractual friction point” for financial institutions when negotiating contracts with cloud service providers, according to a study led by Pinsent Masons.
OUT-LAW NEWS
Plans to crack down on secondary ticketing markets for gigs and events seek to end unfair trading practices that see UK consumers facing hefty mark-ups, according to an expert.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
